Solved

Can I configure this PIX 515E without failover? Also, why the ip assignment problem?

Posted on 2006-04-21
Last Modified: 2013-11-16
We have acquired a

"PIX 515E FO-AA BUN-sw Act/ac Tfo License Vac+ 6fe"

firewall and I am having trouble configuring it as a primary. Is it even possible to configure it as the primary (and ultimately the only) firewall?

The difficulties I'm having seem to revolve around my inability to assign the inside interface an IP address. Using the CLI, I go into configure mode for the interface and give it "ip address 192.168.1.1 255.255.255.0 inside" and the command completes with no errors reported yet when I "show interface", it reports the inside interface as having no IP address assigned.

BTW, if I use the CLI to "configure factory-default" then "show interface", it does assign the inside interface an IP and I'm able to use ASDM successfully, which is very strange to me. Despite using "write memory" to save that working configuration to the flash, rebooting the firewall reloads a non-functioning config, giving me the same problem I described above.

Even running the "setup" command and assigning the IP address that way fails to actually assign it. The ONLY way I can get it to work is through loading the factory-defaults.

Your help is GREATLY appreciated!
Question by:madabdul82
5 Comments
 
LVL 4

Expert Comment

by:imreble1
ID: 16513058
FYI
We tried setting up a PIX with a failover license as a standalone. We got the IP address to take, but without its partner in crime it will not ARP.


RDC
Fishnet Security
 



0
 
LVL 7

Expert Comment

by:minmei
ID: 16513319
A PIX with a failover license will not work by itself - the failover license is the cheapest one to get, because it is only used for the 2nd PIX in a failover pair - the primary uses an unrestricted license (most costly) and the secondary can run on an FO license.

You will need to buy at least a restricted license to run your PIX.

0
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 1000 total points
ID: 16515605
Although not recommended, a PIX with a FO or FO-AA license can function as a standalone unit but will reboot at least once every 24 hours until you return it to its proper function. I had customers who ran their firewall as a standalone using FO licenses, but they eventually bought the proper license. Just don't forget to run the command "failover active" (even if not using a failover configuration). This command is necessary to get the firewall running as standalone.

When you do the command "configure factory-default", the PIX does the following:

The default factory configuration for the PIX 515/515E security appliance configures the following:

1) E1 (inside) interface will have the IP address 192.168.1.1 and mask of 255.255.255.0.

2) DHCP server will be enabled in the range of 192.168.1.2 to 192.168.1.254. So any PC connecting to the internal network should get an IP address from the PIX.

3) HTTP server (192.168.1.1) will likewise be enabled for ASDM and should be accessible from the 192.168.1.0/24.

So by factory default config, you should already have an IP address assigned on the E1 of the PIX, which is 192.168.1.1. Unless you want to change that, then that's the time you should go to the interface config mode.

If you want to change the IP address of the PIX, here's what I would advise you to do.

1) First do the command "failover active"
2) Then go to interface configuration mode and make the necessary changes:

e.g.

interface ethernet1
 ip address 10.1.1.1 255.255.255.0
 nameif inside
 no shut

3) Save it to memory using the command: "copy running-config startup-config"


0
 

Author Comment

by:madabdul82
ID: 16520160
Thank you for the concise answer, stressedout2004! Basically it's fooling the PIX into thinking its counterpart is malfunctioning...but the joke is really on me.

I will be acquiring the correct licensing for this PIX to run as a primary and I very much appreciate both you and the administrator cautioning me on that.

Thanks again!
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16520247
I'm pleased you took the comment the way it was meant and you have the information you need.

regards
keith
0
